package com.css.security.server;

import com.css.security.core.authorization.AuthorizeConfigManager;
import com.css.security.core.authentication.mobile.SmsCodeAuthenticationSecurityConfig;
import com.css.security.core.config.FormAuthenticationConfig;
import com.css.security.core.validate.code.filter.ValidateCodeSecurityConfig;
import com.css.common.security.constant.SecurityConstants;
import com.css.common.security.properties.SecurityProperties;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
import org.springframework.security.web.authentication.AuthenticationFailureHandler;
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
import org.springframework.social.security.SpringSocialConfigurer;

/**
 * CssResourceServerConfig
 * 资源服务器配置
 *
 * @author hanyx
 * @date 2019/04/16
 */
@Configuration
@EnableResourceServer
public class CssResourceServerConfig extends ResourceServerConfigurerAdapter {

    @Autowired
    private ValidateCodeSecurityConfig validateCodeSecurityConfig;

    @Autowired
    private SmsCodeAuthenticationSecurityConfig smsCodeAuthenticationSecurityConfig;

    @Autowired
    private AuthorizeConfigManager authorizeConfigManager;

    @Autowired
    private FormAuthenticationConfig formAuthenticationConfig;

    /**
     * 把 SocialAuthenticationFilter,加到Spring security中
     * SocialAuthenticationFilter会拦截所有/auth请求
     */
    @Autowired
    @Qualifier("cssSpringSocialConfigurer")
    private SpringSocialConfigurer springSocialConfigurer;

    @Override
    public void configure(HttpSecurity http) throws Exception {

        formAuthenticationConfig.configure(http);

        http.apply(validateCodeSecurityConfig)
                .and()
                .apply(smsCodeAuthenticationSecurityConfig)
                .and()
                .apply(springSocialConfigurer)
                .and()
                .csrf().disable();

        authorizeConfigManager.config(http.authorizeRequests());
    }
}
